From 320060b1bd22bdded3d97fecadeca238089863b8 Mon Sep 17 00:00:00 2001 From: jellywx Date: Fri, 16 Jul 2021 18:18:35 +0100 Subject: [PATCH] functions for signing stuff --- Cargo.lock | 2 ++ Cargo.toml | 2 ++ src/commands/reminder_cmds.rs | 43 +++++++++++++++++++++++++++++++---- src/main.rs | 2 -- 4 files changed, 43 insertions(+), 6 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index b6b69c6..c125216 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1288,6 +1288,7 @@ name = "reminder_rs" version = "1.5.1" dependencies = [ "Inflector", + "base64 0.13.0", "chrono", "chrono-tz", "dashmap", @@ -1302,6 +1303,7 @@ dependencies = [ "regex", "regex_command_attr", "reqwest", + "ring", "serde", "serde_json", "serenity", diff --git a/Cargo.toml b/Cargo.toml index d20c414..c21577e 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -25,6 +25,8 @@ levenshtein = "1.0" # serenity = { version = "0.10", features = ["collector"] } serenity = { path = "/home/jude/serenity", features = ["collector", "unstable_discord_api"] } sqlx = { version = "0.5", features = ["runtime-tokio-rustls", "macros", "mysql", "bigdecimal", "chrono"]} +ring = "0.16" +base64 = "0.13.0" [dependencies.regex_command_attr] path = "./regex_command_attr" diff --git a/src/commands/reminder_cmds.rs b/src/commands/reminder_cmds.rs index e111a57..209b3d5 100644 --- a/src/commands/reminder_cmds.rs +++ b/src/commands/reminder_cmds.rs @@ -7,8 +7,8 @@ use serenity::{ client::Context, http::CacheHttp, model::{ - channel::GuildChannel, channel::Message, + channel::{Channel, GuildChannel}, guild::Guild, id::{ChannelId, GuildId, UserId}, misc::Mentionable, @@ -26,7 +26,7 @@ use crate::{ }, framework::SendIterator, get_ctx_data, - models::{ChannelData, GuildData, Timer, UserData}, + models::{ChannelData, CtxGuildData, GuildData, MeridianType, Timer, UserData}, time_parser::{natural_parser, TimeParser}, }; @@ -42,14 +42,14 @@ use std::{ collections::HashSet, convert::TryInto, default::Default, + env, fmt::Display, string::ToString, time::{SystemTime, UNIX_EPOCH}, }; -use crate::models::{CtxGuildData, MeridianType}; use regex::Captures; -use serenity::model::channel::Channel; +use ring::hmac; fn shorthand_displacement(seconds: u64) -> String { let (days, seconds) = seconds.div_rem(&DAY); @@ -80,6 +80,41 @@ fn longhand_displacement(seconds: u64) -> String { sections.join(", ") } +fn generate_signed_payload(reminder_id: u32, member_id: u64) -> String { + let s_key = hmac::Key::new( + hmac::HMAC_SHA256, + env::var("SECRET_KEY") + .expect("No SECRET_KEY provided") + .as_bytes(), + ); + + let mut context = hmac::Context::with_key(&s_key); + + context.update(&reminder_id.to_le_bytes()); + context.update(&member_id.to_le_bytes()); + + let signature = context.sign(); + + format!( + "{}.{}", + base64::encode(reminder_id.to_le_bytes()), + base64::encode(&signature) + ) +} + +fn validate_signature(payload: String, member_id: u64) -> bool { + let (a, _b) = payload.split_once('.').expect("Payload format incorrect"); + + let reminder_id = u32::from_le_bytes( + base64::decode(a) + .expect("Payload format incorrect") + .try_into() + .expect("Payload format incorrect"), + ); + + payload == generate_signed_payload(reminder_id, member_id) +} + async fn create_webhook( ctx: impl CacheHttp, channel: GuildChannel, diff --git a/src/main.rs b/src/main.rs index 89af49f..415c225 100644 --- a/src/main.rs +++ b/src/main.rs @@ -268,8 +268,6 @@ DELETE FROM guilds WHERE guild = ? if let (Some(InteractionData::MessageComponent(data)), Some(member)) = (interaction.clone().data, interaction.clone().member) { - println!("{}", data.custom_id); - if data.custom_id.starts_with("timezone:") { let mut user_data = UserData::from_user(&member.user, &ctx, &pool) .await